Step 3: Build your account structure

Your 1Password account is organized around vaults and groups. These two concepts work together:

• Vaults are where your company’s information lives.
  
  
• Groups determine who can access that information.
  
  

If you’re new to 1Password, think of vaults as containers for data and groups as containers for people. The way you combine them defines your overall account structure.

Default vaults

When you first log in, you’ll see two vaults that every account includes:

• Shared vault: Accessible to all team members by default. This is useful for company-wide resources, like an office door code or shared Wi-Fi credentials.
  
  
• Employee vaults: Private to each team member, including you. Every person has their own employee vault that no one else can see. This ensures team members have a secure place for work-related items specific to them.
  
  

🔑 Best Practice: Employee vaults are for work items only. For personal passwords, encourage employees to use a 1Password Families membership (free for each team member for Business accounts).

Organize with custom vaults

Beyond the defaults, you’ll want to create vaults that match your organization’s structure and security needs. Some common approaches include:

• Department-based vaults: Finance, Marketing, IT.
  
  
• Project-based vaults: Product Launch 2025, Vendor Onboarding.
  
  

Vaults help keep information tidy, secure, and easy to locate. They also prevent oversharing — ensuring employees see only what they need.

Centralized vs. decentralized vault management

How you set up vault creation and access will shape your team’s experience:

Centralized management: Only admins and owners can create vaults. This keeps your structure consistent and prevents “vault sprawl.”

Decentralized management: Any team member can create vaults. This offers flexibility but can make it harder to track where information lives.

⚖️ Best practice: Begin with centralized management, then expand permissions to trusted groups as your team grows and your security model matures.

Groups: managing people at scale

While vaults hold your company’s information, groups let you decide who gets access.

Benefits of groups:

• Reduce repetitive admin tasks by letting you assign permissions once to a group instead of individually.
  
  
• Make it easy to update access as teams change or new projects start.
  
  
• Provide a clear, scalable way to see who can access what.
  
  

Built-in groups include:

• Owners: Full control, including billing and the ability to delete the team.
  
  
• Administrators: Powerful permissions, but can’t handle billing or delete the team.
  
  
• Team Members: Everyone in your account (default access to the Shared vault).
  
  
• Security: View and manage account security reports. This group becomes visible only after verifying your company’s domain in your account’s Breach Report.

Custom groups

Custom groups let you tailor access around your organization in any way that works for your needs. They can mirror:

• Departments (e.g. Sales, Engineering)
  
  
• Locations (e.g. London Office)
  
  
• Cross-functional teams (Product Launch, contract workers)
  
  

By combining groups with vaults, you create a system where people only see the credentials they need, while minimizing manual admin work.

🛠️ Recommendation: Start simple. Create one vault per department or project, and one corresponding group. Then, assign each group to the right vaults. This centralized model makes it clear where data belongs and ensures admins retain visibility and control. Over time, you can introduce more specialized groups or vaults as needed.

Manage permissions

As your team evolves, you may need to adjust access. Use group-level permissions to:

• Decide which groups can view, edit, or delete vault items.
  
  
• Restrict who can create new vaults.
  
  
• Control which apps (desktop, mobile, web) can access sensitive vaults.
  
  

By structuring your account with vaults and groups and creating appropriate permissions, you create a balance of security and usability. Start with the defaults, layer on custom vaults and groups, and choose a management style that fits your organization’s needs.